Merge pull request #38 from zopefoundation/issue19
Document behaviour of ParanoidSecurityPolicy when there are no participations
jamadden authored Sep 11, 2017
2 parents e0e6f98 + a844ed4 commit 54ee5cd
Showing 2 changed files with 24 additions and 15 deletions.
11 changes: 9 additions & 2 deletions src/zope/security/simplepolicies.py
Expand Up @@ -24,7 +24,12 @@
@zope.interface.implementer(IInteraction)
@zope.interface.provider(ISecurityPolicy)
class ParanoidSecurityPolicy(object):
"""Prohibit all access exctp to public items, or by explicit principals"""
"""
Prohibit all access by any non-system principal, unless the item is public.
This means that if there are no participations (and hence no
principals), then access is allowed.
"""

def __init__(self, *participations):
self.participations = []
Expand Down Expand Up @@ -58,7 +63,9 @@ def checkPermission(self, permission, object):

@zope.interface.provider(ISecurityPolicy)
class PermissiveSecurityPolicy(ParanoidSecurityPolicy):
"""Allow all access."""
"""
Allow all access.
"""

def checkPermission(self, permission, object):
return True
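Review bot: The new ParanoidSecurityPolicy docstring mentions the fail-open case only as an aside, although the class name suggests deny-by-default; it should say plainly that an interaction with no participations grants every permission on every object. A sentence such as `An interaction with no participations grants all access; do not treat an empty policy as restrictive.` after the second paragraph would make that hard to miss for callers who rely on this class for enforcement. The PermissiveSecurityPolicy docstring in the second hunk could likewise state where an allow-all policy is meant to be used (presumably tests or fully trusted setups; confirm with the maintainers). Both class bodies continue outside the hunks, so the exact conditions in checkPermission are not visible here.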
28 changes: 15 additions & 13 deletions src/zope/security/tests/test_simplepolicies.py
Expand Up @@ -16,6 +16,12 @@

class ConformsToIInteraction(object):

def _getTargetClass(self):
raise NotImplementedError("Subclass responsibility")

def _makeOne(self, *participations):
return self._getTargetClass()(*participations)

def test_class_conforms_to_IInteraction(self):
from zope.interface.verify import verifyClass
from zope.security.interfaces import IInteraction
Expand All @@ -35,9 +41,6 @@ def _getTargetClass(self):
from zope.security.simplepolicies import ParanoidSecurityPolicy
return ParanoidSecurityPolicy

def _makeOne(self, *participations):
return self._getTargetClass()(*participations)

def test_ctor_no_participations(self):
policy = self._makeOne()
self.assertEqual(policy.participations, [])
Expand Down Expand Up @@ -70,7 +73,7 @@ class Participation(object):
p1, p2, p3 = Participation(), Participation(), Participation()
policy = self._makeOne(p1, p2, p3)
policy.remove(p2)
target = object()

self.assertEqual(policy.participations, [p1, p3])
self.assertTrue(p1.interaction is policy)
self.assertTrue(p2.interaction is None)
Expand Down Expand Up @@ -101,18 +104,20 @@ class Participation(object):
target = object()
self.assertFalse(policy.checkPermission(permission, target))

def test_checkPermission_w_no_participations(self):
# The permission and object don't matter: if there are no
# participations, access is allowed.
policy = self._makeOne()
self.assertTrue(policy.checkPermission(None, None))
self.assertTrue(policy.checkPermission(self, self))

class PermissiveSecurityPolicyTests(unittest.TestCase,
ConformsToIInteraction,
):
ConformsToIInteraction):

def _getTargetClass(self):
from zope.security.simplepolicies import PermissiveSecurityPolicy
return PermissiveSecurityPolicy

def _makeOne(self, *participations):
return self._getTargetClass()(*participations)

def test_checkPermission_w_public(self):
policy = self._makeOne()
permission = object()
Expand All @@ -121,7 +126,4 @@ def test_checkPermission_w_public(self):


def test_suite():
return unittest.TestSuite((
unittest.makeSuite(ParanoidSecurityPolicyTests),
unittest.makeSuite(PermissiveSecurityPolicyTests),
))
return unittest.defaultTestLoader.loadTestsFromName(__name__)
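Review bot: test_checkPermission_w_no_participations only covers a policy that was constructed empty, but the same empty state can be reached at runtime through `remove`, and no test visible in these hunks pins what checkPermission returns after the last participation is removed. Since the documented behaviour is that this state allows all access, a companion test that builds the policy with one participation, calls `policy.remove(p)` and then asserts `policy.checkPermission(None, None)` would make that path explicit for anyone who later changes the participation bookkeeping. The comment in the new test could also mark the result as intentional, e.g. `# Deliberate fail-open: no participations means no principals to deny.`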
